Understanding Crypto Regulations

by Kyle Samani

In light of the recent actions by the US Securities and Exchange Commission and People’s Bank of China, we’re receiving a lot of questions about regulation. In this post, we’ll provide some frameworks to understand how governments can enforce regulations on public blockchains.

First we’ll discuss how regulators can (or cannot) regulate the blockchain networks directly by examining historical network regulation. Then we’ll dive into fiat-crypto on ramps and decentralized exchanges, and lastly touch on the SEC’s recent guidance regarding crypto ICOs.

Napster: Taking Down A Centralized Service

Napster had a simple network topology to help users distribute music:

When you opened the Napster application on your computer, Napster would scan your computer for mp3 files. Then the Napster application would upload metadata about those songs (song name, artist, length, album, etc.), but not the actual mp3 files themselves, to Napster’s servers. When another user searched for a song on Napster, Napster’s servers would search the metadata that all of the Napster users had uploaded. When a user clicked “download,” Napster servers would connect the user requesting the download to the user who was actually hosting a copy of the file being requested. The host would then send the file directly to the requester.

As Napster exploded in popularity, the Record Industry Association of America (RIAA) lobbied the federal government to curb this practice. After successfully lobbying for laws with criminal penalties, federal agents demanded that Napster immediately shut down its servers.

In the wake of Napster’s demise, some developers realized the problem was that Napster was fragile. There was a central point of failure. So they designed a protocol, not an application, that created distributed indexes of metadata, among other innovations. That protocol was called the torrent protocol.

Torrents: Years of failed government intervention

Torrents are a sophisticated, complex technology. But the most salient trait of the torrent protocol is that there are many servers hosting the indices that the centralized Napster servers hosted in the old model. The servers that host a particular index share updates with one another:

There have been hundreds of servers that have hosted torrent indices over the years: PirateBay, Isohunt, torrentz, torrentbox, and more. Many of these have been shut down. Some have come back. Despite individual hosts going up and down, torrents still comprise a stunning 29% of global Internet traffic (most torrents are used to download copyrighted movies and TV shows).

A large fraction of torrent traffic is used to violate copyright law. Governments around the world have gone after torrent hosts with fury. They’ve successfully taken many hosts down. And yet, people continue to share copyrighted files using torrent technology unabated.

Why did torrents “succeed” where Napster failed?

Because there isn’t a central point of failure: the underlying torrent protocol is open source and data is openly shared between between nodes on the network. There are millions of copies of both the source code and index data floating around the Internet. Although individual nodes are still vulnerable, the network as a whole is not. Each time governments shut down individual nodes, multiple duplicates spawn. Shutting down torrents is a cat and mouse game. Regulators have struggled with torrents for over a decade.

Blockchains share the two features of torrents that make them so resilient to censorship:

Millions of people have copies of the open source code and data.

Shutting down individual nodes doesn’t damage a blockchain network (the Bitcoin and Ethereum blockchains each have tens of thousands of nodes globally).

As people all over the world move an increasing percentage of their net worth from fiat currencies into cryptoassets, governments are going to lose tax revenue. Governments will feel the pain. Broadly speaking, they’ll have three courses of action. They can attack the networks, they can regulate fiat-crypto exchanges, or they can try to create their own crypto networks. We’ll examine all three options.

How Can Governments Attack Blockchain Networks?

Governments cannot regulate the networks themselves. There is simply no way for governments to unilaterally change the structure of a peer to peer protocol. Governments may proclaim “cryptocurrencies are illegal” or tell people how much money they can send, to whom, and on what frequency (akin to modern banking regulations). These statements are, practically speaking, unenforceable. To enforce these rules, governments would have to prevent people from broadcasting arbitrary data (aka transactions) over the Internet. Without blocking large swaths of the Internet as whole, this is basically impossible.

It remains to be seen how people will react if governments make such proclamations. There are historical examples on both sides: marijuana and alcohol prohibition (many people ignore the government) and online poker (most people stopped upon government proclamation).

But governments can attack networks to sever the public’s trust of the network. If successful, governments may set the network back, but effects will be short-lived. Broadly speaking, there are two ways governments can attack networks: spam and bad actor attacks.

Governments can easily generate an unlimited number of addresses. They can send money between their own addresses at a very high frequency, clogging the network. This would incur some fees as transactions are not free. But if governments wanted to scare people by making transactions slow and expensive, they could easily and relatively inexpensively do this with network spam. If people feel they cannot access their money because the network is clogged, or that transaction costs are too high, they may not feel comfortable using cryptocurrencies.

Governments could also outright attack networks. For blockchains like Bitcoin and Litecoin that use proof-of-work consensus algorithms, this would entail buying enough computing power to control more than 51% of total hash power on the network. With a successful 51% attack, governments could sever public trust in a blockchain. However, to conduct a 51% attack against the Bitcoin network today would require purchasing a few billion dollars worth of application specific integrated circuits (ASICs). For state-level actors, this is doable, though it probably couldn’t be done under-the-radar since all Bitcoin ASIC manufacturing is done by Bitcoin miners in China.

But it wouldn’t accomplish much in the long run. Certainly people would lose trust in that particular network and the price of that network’s coin would collapse. But this would be a Pyrrhic victory.

If Bitcoin is attacked in this way, many users would likely migrate to another network such as Litecoin or Ethereum. The least sophisticated consumers would lose money in this scenario, and the technically savvy would probably escape wealthier than ever before. Even if governments invest the billions of dollars needed to accomplish this type of attack, they won’t have accomplished much as the believers will flock to other networks. If anything, crypto believers will lose even more faith in their respective governments’ ability to enforce regulations in an intelligent way on blockchain networks, driving adoption away from fiat currencies and towards cryptocurrencies.

Let’s consider a proof-of-stake (PoS) attack. For a network such as Ethereum, which is moving towards PoS, this would require the government to buy 51% of Ether. Doing so would drive up the price of the coin dramatically, probably on the order of 5-20x. Given that Ethereum has about a $30B network value today, this kind of attack would likely cost $50-250B. In doing so, the attacker would enrich many people before crashing the market. The savvy would profit, and the government and unsophisticated investors would lose wealth.

And once again, even if all trust in Ethereum is lost, people will just copy the Ethereum source code, apply a few changes, and start a new network. This is the antifragility of peer to peer networks at work.

In summary, there just aren’t good ways to attack these networks to creating lasting impacts. Governments can certainly cause short term fear and scare markets, but they don’t have the tools to actually stop the networks themselves. Even if governments do embark on sophisticated attacks, they are likely to harm the least sophisticated users most. The savvy will escape with few losses.

Governments can regulate fiat-crypto exchanges

Governments do however have one source of leverage over crypto networks: exchanges in which users trade fiat currency for crypto. By definition, these exchanges interface with legacy banking systems, which are subject to government controls.

Governments could easily state “trading fiat currency for Bitcoin is illegal.” Banks would immediately freeze all transfers to crypto exchanges and the the exchanges’ fiat-denominated bank accounts.

In the US, we’re seeing regulators attempt to control crypto at the point of fiat-crypto exchange. The IRS demanded a list of every Coinbase user and their respective transactions from 2013-2015. The IRS recently scaled back their requests and only asked for users who engaged in trades larger than $25,000. Other governments are regulating their local fiat-crypto exchanges, particularly with regard to capital controls.

The fiat-crypto on ramp is the most fragile part of the system. Governments have tremendous leverage here. But once money is converted into crypto and is stored in private (non-exchange hosted) wallets, it will be free of government controls.

Once your money is in crypto, you’ll be able to freely trade cryptoassets for other cryptoassets using decentralized exchange (DEX) protocols like 0x, SWAP, OmiseGo, and Kyber. Although these protocols have some significant differences, they share one common trait: there’s no way to stop them. They settle transactions on chain. Even if the founders of all these protocols disappeared, the exchanges would continue to run unabated.

To be clear, this wouldn’t be a public blockchain like Bitcoin or Ethereum. Rather, it would be a permissioned blockchain such that the Chinese central bank still controls monetary policy. They will also likely enforce mechanisms like identity, capital controls, etc.

Why would a government do this? To monitor every transaction.

Government support of blockchains – even permissioned ones – is likely to be beneficial to permissionless blockchains like Bitcoin simply by raising interest and legitimizing the technology. It seems reasonable that as governments move their own fiat onto blockchains, they won’t sacrifice any control or leverage at the exchange point between their proprietary, permissioned blockchains and permissionless chains such as Bitcoin.

The SEC’s and PBoC’s Recent Guidance

The biggest crypto news of the last month has been regulatory action. Note that none of these regulations are even trying to affect the protocols directly. Rather, all of the recent regulatory news has been focused on two things: preventing fraud/scams, and ensuring that token issuers and exchanges comply with existing securities laws if the token is a security.

There are a few evolving stories:

The SEC released guidance that says that initial coin offerings need to comply with securities laws if the issuer is issuing a security. The guidance says that ICO tokens will be judged per the Howey test, as expected. The guidance says that ICOs that violated securities laws prior to the issuance of guidance will not be prosecuted without warning. Lastly, and most importantly, the SEC said that exchanges must either delist securities or become SEC-approved exchanges (multi-year process). None of the crypto exchanges are SEC-approved today.

A number of exchanges – Shapeshift, Poloniex, Bitfinex – announced that they would review the assets on their platforms and delist those that they thought are securities. It’s clear that every exchange is going through this process right now.

A tiny ICO – one that raised just $50K – was contacted by the SEC. This team was a bunch of amateurs and shut down and refunded investor capital. They had never even spoken to a lawyer.

The SEC has sent inquiries to a number of high profile projects, including BCAP, MCAP, ICN, NMR, DNT, SAN, and MLN. Some of these are obviously securities: BCAP, MCAP, ICN are unquestionably securities. BCAP was issued in compliance with securities laws. Others are definitely not securities: NMR wasn’t sold to anyone. The issuer literally gave them all away!

The People’s Bank of China stated that ICOs are illegal, and that issuers should refund investors.

We believe the SEC’s guidance will catalyze the ecosystem faster than it would have otherwise developed. Prior to the SEC’s input, there was a lot of gray area. Although not every question has been answered, many have, and we have indications as to how the SEC is thinking about classifying utility tokens. The industry benefits from regulatory clarity.

We expect to see many of the outright scams and frauds get shut down in the coming weeks and months. This will generate clickbait headlines and short term price turbulence. However, we don’t believe this will have any material bearing on the longer term development of the groundbreaking projects.

We interpret the SEC reaching out to legit, above-the-bar projects as an information-gathering exercise. This is rather clear since it appears the SEC is in the process of contacting basically every token issuer, regardless of underlying token dynamics.

The two largest cryptoassets – Bitcoin and Ethereum – do not appear to be receiving any direct scrutiny from the US or Chinese governments.

We expect exchanges to be the focal point of regulation for the foreseeable future. Exchanges are the best source of leverage for regulators to control commerce.

Just as torrents were the market’s response to the crackdown on Napster, the market has responded with decentralized exchanges (DEX). Regulators will struggle as non-compliant securities trade on these exchanges regardless. $ZRX and $OMG are both DEXs that saw massive gains this month (neither has a production-ready product yet, but ZRX is in beta). More DEXs are coming in the near future with SWAP and Kyber Network.

The strong Chinese announcement was a direct response to fraud and scams, which are heavily concentrated in China, and not to the broader notion of software sales and token issuance for legit teams.

Conclusion

Structurally, there aren’t practical ways by which governments can enforce regulations on the blockchain networks themselves. Governments have 3 options: regulate crypto-fiat exchanges by leveraging control of existing banking systems, adopting their own permissioned crypto protocols, and regulating how new projects issue tokens. It’s still unclear if regulators will try regulate cryptoassets within traditional securities law frameworks, or if governments will develop entirely new frameworks to accommodate the unique nature of cryptos.

In the short term, regulators will crack down on scams, fraud, and those in violation of existing securities laws. This will cause small market panics, but shouldn’t impact the viability of the best teams working on the most compelling trustless protocols.